Lucene search
K

30 matches found

Code423n4
Code423n4
added 2023/10/25 12:0 a.m.9 views

Broken logical expression in onlyManager()

Lines of code Vulnerability details Original Issue H-05: Functions in the VotiumStrategy contract are susceptible to sandwich attacks Details Depositing/withdrawing directly to/from derivatives provides an opportunity for an adversary to sandwich the users, since the slippage control mechanism wa...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/27 12:0 a.m.8 views

Lack of slippage protection for depositRewards() in AfEth.sol makes it susceptible to sandwich attacks

Lines of code Vulnerability details Bug Description In VotiumStrategyCore.sol, the buyCvx function calls exchangeunderlying of Curve's ETH / CVX pool to buy CVX: VotiumStrategyCore.solL233-L240 ICrvEthPoolCVXETHCRVPOOLADDRESS.exchangeunderlying value: ethAmountIn 0, 1, ethAmountIn, 0 // this is...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/09/27 12:0 a.m.10 views

Missing slippage control when directly interacting with the VotiumStrategy contract

Lines of code Vulnerability details Summary Direct deposits and withdrawals within VotiumStrategy lack any slippage controls, which opens up the possibility of sandwich attacks and Miner Extractable Value MEV exploits. Impact Interactions in the AfEth protocol often require the exchange of ETH fo...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/09/27 12:0 a.m.10 views

Functions in the VotiumStrategy contract are susceptible to sandwich attacks

Lines of code Vulnerability details Bug Description In VotiumStrategyCore.sol, the buyCvx and sellCvx functions call exchangeunderlying of Curve's ETH / CVX pool to buy and sell CVX respectively: VotiumStrategyCore.solL233-L240 ICrvEthPoolCVXETHCRVPOOLADDRESS.exchangeunderlying value: ethAmountIn...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/14 12:0 a.m.12 views

requestDeposit and requestRedeem do not allow for any price guarantee, opening users to sandwich attacks and other losses

Lines of code Vulnerability details Impact Request functions take only the desired input amount as a parameter, giving no way for the caller to control the fulfilment price. The price is decided by the Centrifuge mainnet only. function requestDeposituint256 assets, address owner; function...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/07 12:0 a.m.12 views

Some functions in TokenisableRange contracts does not allow user to deadline.

Lines of code Vulnerability details Impact Not allowing users to supply their own deadline could potentially expose them to sandwich attacks Proof of Concept Consider the following scenario: if fee0 100 bal0 && fee1 100 bal1 TOKEN0.token.safeIncreaseAllowanceaddressPOSMGR, fee0;...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/07/07 12:0 a.m.7 views

SWAP TRADES COULD BE EXECUTED AT A LATER POINT IN TIME BY THE MINERS, IF deadline == 0

Lines of code Vulnerability details Impact The Swapper.swapExactInput external function, has the deadline parameter to control the execution time of the swap transaction. If the block.timestamp has elapsed the deadline given the transaction will revert as per the implementation in the...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/07/05 12:0 a.m.16 views

doRebalance in Talos is vulnerable to Flash loan Attacks resulting loss of funds

Lines of code Vulnerability details Impact Loss of funds due to MEV Sandwich attacks. Proof of Concept Rebalancing is done using doRebalance method in TalosStrategySimple. File: TalosStrategySimple.sol function doRebalance internal override returns uint256 amount0, uint256 amount1 int24...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/03/30 12:0 a.m.6 views

Hardcoded slippage can lead to user's transactions being front run

Lines of code Vulnerability details Vulnerability details Impact Since all the main function that the user execute implement slippage, attackers can front run any user transaction since the slippage amount is set to 1% on all the lines of code listed above. This can lead to sandwich attacks. Proo...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/06/26 12:0 a.m.9 views

Sandwich attacks are possible as there is no slippage control option in Marketplace and in Lender yield swaps

Lines of code Vulnerability details Swapping function in Marketplace and Lender's yield can be sandwiched as there is no slippage control option. Trades can happen at a manipulated price and end up receiving fewer tokens than current market price dictates. Placing severity to be medium as those a...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/18 12:0 a.m.10 views

_harvest() performs market swaps without slippage control and is a subject to sandwich attacks

Lines of code Vulnerability details As a result trades happen at a manipulated price and end up receiving fewer tokens than current market price dictates. Placing severity to medium as impact here is a partial fund loss conditional only on big enough asset amount to be swapped: sandwich attacks a...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/06/18 12:0 a.m.9 views

Low Value Definition On The Slippage

Lines of code Vulnerability details Impact Trades can happen at a bad price and lead to receiving fewer tokens than at a fair market price. The attacker's profit is the protocol's loss. Proof of Concept MyStrategy contract has low slippage checks which can lead to being vulnerable to sandwich...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/06/18 12:0 a.m.6 views

Vaults are vulnerable to sandwich attacks due to missing slippage checks

Lines of code Vulnerability details Impact Swaps in the new Beefy Vault can have almost all funds taken via MEV sandwich attacks because there is no slippage control Proof of Concept The last argument to addliquidity is the minimum amount to mint, which is zero here: File:...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/06/18 12:0 a.m.8 views

_harvest has no slippage protection when swapping auraBAL for AURA

Lines of code Vulnerability details Impact Single swaps of harvest contains no slippage or deadline, which makes it vulnerable to sandwich attacks, MEV exploits and may lead to significant loss of yield. Proof of Concept When using BALANCERVAULT.swap here and here, there is no slippage protection...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/18 12:0 a.m.8 views

_harvest() vulnerable to sandwich attacks due to missing slippage checks

Lines of code Vulnerability details Impact All funds that should have been harvested can be taken via MEV sandwich attacks because there is no slippage control. Proof of Concept The two swap calls pass zero as the third argument: File: contracts/MyStrategy.sol 1 249 uint256 balEthBptEarned =...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/05/15 12:0 a.m.6 views

YieldManager's distributeYield can be subject to sandwich attacks

Lines of code Vulnerability details distributeYield uses Uniswap swaps via convertAssetToExchangeToken and Curve swaps via convertToStableCoin. UniswapAdapter and CurveswapAdapter do use Oracle for price estimation, but distributeYield calls use hard coded 5% SLIPPAGE, which is wide enough to mak...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/02/23 12:0 a.m.11 views

Missing Slippage Checks on ClearingHouse._liquidateMaker()

Lines of code Vulnerability details Impact The liquidateMaker function makes a call to AMM.removeLiquidity but does not provide suitable values for minQuote and minBase. As per the @todo, this call is prone to sandwich attacks, resulting in potentially fewer tokens for the maker. Proof of Concept...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/02/23 12:0 a.m.14 views

liquidation is vulnerable to sandwich attacks

Lines of code Vulnerability details when an account is liquidated, there is no minimum amount of the swap, which makes it vulnerable for sandwich attacks. Proof of Concept Alice's long position can be liquidated, bob notices it and creates a short position, then liquidates her position, thus...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/02 12:0 a.m.7 views

UniswapHelper.buyFlanAndBurn is a subject to sandwich attacks

Handle hyh Vulnerability details Impact Trades can happen at a manipulated price and end up receiving fewer Flan to be bought than current market price dictates. For example, at the time a user decides to call buyFlanAndBurn Flan trades at 0.8 in the input token terms at the corresponding DEX poo...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/01 12:0 a.m.5 views

sNote one sided LP provisions are vulnerable to sandwich attacks

Handle hyh Vulnerability details Impact Both types of one sided liquidity addition are enabled with sNote minting: a user can mint with only ETH/WETH and with only Note. In both cases a price impact of the operation isn't controlled. As a result the sandwich attack is possible and can be...

6.9AI score
Exploits0
Rows per page
Query Builder